<?php
// @formatter:off
/**
 * @file c.edituser.php
 * @author Alejandro Dario Simi
 * @date $Date: 2013-06-16 23:56:49 +0000 (Sun, 16 Jun 2013) $
 *
 * $Id: c.edituser.php 73 2013-06-16 23:56:49Z daemonraco@gmail.com $
 * $URL: http://wcomix.googlecode.com/svn/tags/wcomix-1.0.0.2/themes/default/controlers/contents/c.edituser.php $
 */
// @formatter:on

if($wcProfile->allowedAny(WC_PERM_USER_SELF_EDIT, WC_PERM_USER_EDIT, WC_PERM_USER_REGISTER, WC_PERM_USER_RESET)) {
	global $wcThemeAssigns;
	global $wcGroupsHolder;
	global $wcPermissions;
	global $wcUser;
	global $wcSubUser;
	global $wcUserXData;

	$hash = isset($_REQUEST["hash"]) ? $_REQUEST["hash"] : false;

	/*
	 * Conditions:
	 *	- If there's no hash for password reset and there's a specified
	 *	  user id to be edited, but the current user is not granted to,
	 *	  it goes to user viewer page. Unless the user to edit is the
	 *	  current one.
	 *	- If there's no hash for password reset and there's no specified
	 *	  user id to be edited, or the one specified is the current on,
	 *	  but the current user is not granted to edit it's own profile,
	 *	  it goes to 403 page.
	 *		- @todo show a better error message on this condition.
	 *	- Otherwise, the meanings are:
	 *		- The current user has a hash for password reset.
	 *		- The current user is trying to edit it's own profile.
	 *		- The current user is trying to edit another user and it's
	 *		  allowed to do it.
	 */
	if(!$hash && $wcSubUser && $wcSubUser != $wcUser && !$wcProfile->granted(WC_PERM_USER_EDIT)) {
		$wcThemeAssigns["error-message"] = "You are not allowed to either edit nor view users";
		require "{$this->_themeRoot}/controlers/contents/c.403.php";
	} elseif(!$hash && (!$wcSubUser || $wcSubUser == $wcUser) && !$wcProfile->granted(WC_PERM_USER_SELF_EDIT)) {
		$wcThemeAssigns["error-message"] = "You are not allowed to edit your profile";
		require "{$this->_themeRoot}/controlers/contents/c.403.php";
	} else {
		$wcThemeAssigns["PATH"] = "Profile Edit";
		$wcThemeAssigns["ACTIONCONTENT"] = "/contents/c.edituser.html";
		//
		$user = $wcSubUser ? $wcSubUser : $wcUser;
		$data = $user->data();
		//
		if($hash && $user->hash_reset == $hash) {
			$wcThemeAssigns["PASSRESET"] = $hash;
		}
		//
		// User information.
		$wcThemeAssigns["id"] = $user->id();
		$wcThemeAssigns["username"] = $user->username();
		$wcThemeAssigns["fullname"] = $data->fullname;
		$wcThemeAssigns["email"] = $data->email ? $data->email : "";

		$groups = array();
		foreach($wcGroupsHolder->groups() as $group) {
			$aux = array(
				"id" => $group->id(),
				"name" => $group->name(),
				"selected" => $user->profileCode($group)
			);
			$groups[$group->id()] = $aux;
		}
		$wcThemeAssigns["groups"] = $groups;
		//
		// Loading user extra data structures and information.
		$extraData = array();
		foreach($wcUserXData as $key => $value) {
			if(is_numeric($key)) {
				if(is_array($value["values"])) {
					sort($value["values"]);
				}
				$extraData[] = array(
					"USX_NAME" => $value["name"],
					"USX_TITLE" => $value["title"],
					"USX_TYPE" => (in_array($value["type"], array("list"))) ? $value["type"] : "unknown",
					"USX_VALUE" => $data->getExtra($value["name"]),
					"USX_VALUES" => $value["values"]
				);
			}
		}
		$wcThemeAssigns["extradata"] = $extraData;
		//
		// Loading administration stuff.
		// Master users can't be edited because those are special users.
		if($wcProfile->granted(WC_PERM_USER_ADMIN) && !$hash && $wcSubUser && !in_array($wcSubUser->id, array(
			WC_USER_ROOT_ID,
			WC_USER_CRON_ID
		))) {
			$wcThemeAssigns["ADMIN"] = true;

			$wcThemeAssigns["profiles"] = array_diff($wcPermissions["_names"]["profiles"], array(
				"*",
				"ROOT"
			));
		}
	}
} else {
	$wcThemeAssigns["error-string"] = "You're not allowed to edit user's information";
	require "{$this->_themeRoot}/controlers/contents/c.403.php";
}
?>